In early February 2014, the European Commission published its first ever EU Anti-Corruption Report[1], which I read with great interest. As the Report rightly identifies, corruption can seriously harm the economy and society as a whole and, in extreme cases, can undermine the trust of citizens in democratic institutions and processes. These are issues we need actively to address at the level of the EU institutions.

The Report highlighted whistleblowing as an area in which effective policies can help reduce the opportunities for corruption. The Report noted, however, that "[…] whistleblowing faces difficulties given the general reluctance to report such acts within one’s own organisation, and fear of retaliation. In this regard, building an integrity culture within each organisation, raising awareness, and creating effective protection mechanisms that would give confidence to potential whistleblowers are key […]."[2]

Article 22c of the Staff Regulations, which entered into force on 1 January 2014, makes further provision to address the above issue as regards the EU institutions and their staff. It stipulates that EU institutions shall lay down internal rules covering the protection of whistleblowers and the provision of information to them, as well as the procedure for handling complaints made by whistleblowers concerning the way they were treated as a result of reporting serious irregularities.

To give effect to Article 22c of the Staff Regulations, the Ombudsman drafted internal rules on whistleblowing, using the Commission's Guidelines on Whistleblowing as a valuable source of inspiration[3]. The draft rules were then circulated to all the Ombudsman's staff, via the Staff Committee, with an invitation to submit comments. Given the obligation on staff to report serious irregularities, it was felt to be particularly important that staff feel ownership of the rules, that they understand them and feel confident in the protection they provide.

The draft rules were then submitted to the Ombudsman's Data Protection Officer, in line with the accountability principle espoused by the European Data Protection Supervisor in his 'Policy on Consultations in the field of Supervision and Enforcement'[4]. Given the data protection implications of whistleblowing, the Ombudsman is finalising a notification on the subject, which will be submitted to the EDPS under Article 27 of the Data Protection Regulation[5], along with the draft rules.

Finally, the draft rules are also being made available on the Ombudsman's website for public comment before a final version is adopted.

As Ombudsman, I want to assist the EU administration to ensure it is doing all in its power to encourage individuals who uncover serious irregularities to speak up. It is against this background that I have decided to open the present own-initiative inquiry[6] in relation to whistleblowing.

I am aware that many of the EU institutions and bodies have adopted guidance as regards whistleblowing. Given the need to adopt internal rules that comply with Article 22c, the own-initiative inquiry focuses mainly on that specific obligation.

I am therefore writing to all the EU institutions and bodies that are represented in the College of the Heads of Administration[7], asking them to inform me of the steps they have taken, or intend to take, to give effect to Article 22c of the Staff Regulations.

In particular, I would be grateful if you could provide me with

(i) information on whether your institution has already adopted, or when you intend to adopt, the internal rules required by Article 22c of the Staff Regulations and the form that these rules take, or will take;

(ii) information on the procedure for adopting the said internal rules, if applicable. In particular, I would be interested to know if, in the adoption process your staff and/or the general public had the opportunity to give their views and, if so, in what way;

(iii) a copy of the said rules or a preliminary draft thereof, if applicable; and

(iv) any other useful information on this subject. In particular, given that the management of public funds concerns not only the staff of EU institutions, but also third parties, such as contractors and subcontractors, I would invite you to reflect on how external informants, while falling outside the scope of an institution's internal rules on whistleblowing, could be encouraged to report serious irregularities and how they might best be protected if they do so.[8]

Please note that I may consider it useful to make your reply available on the Ombudsman's website.

I would be grateful if you were to send your reply by 31 October 2014. Should your services require any further information or clarifications concerning this own-initiative inquiry, please do not hesitate to contact the legal officer handling it, Mr Philipp-Maximilian Chaimowicz (tel: +32 2 284 67 68).

Yours sincerely,

Emily O'Reilly

[1] Report from the Commission to the Council and the European Parliament - EU Anti-Corruption Report, Brussels, 3.2.2014, COM(2014) 38 final.

[3] See Communication from Vice-President Šefčovič to the Commission on Guidelines on Whistleblowing, Brussels, 6.12.2012, SEC(2012) 679 final.

[4] See European Data Protection Supervisor 'Policy on Consultations in the field of Supervision and Enforcement'; December 2012.

[5] Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data; OJ 2001 L 8, p.1.

[6] In accordance with Article 228 of the Treaty on the Functioning of the European Union, the Ombudsman is empowered to conduct inquiries on her own initiative in relation to the activities of the Union institutions, bodies, offices or agencies.

[7] The European Parliament, the European Commission, the Council of the European Union, the Court of Justice of the European Union, the European Court of Auditors, the European External Action Service, the European Economic and Social Committee, the Committee of the Regions, and the European Data Protection Supervisor. As the EU Staff Regulations do not apply to the European Central Bank or European Investment Bank, this inquiry is not addressed to them. The College of the Heads of Administration and the Staff Regulations Committee will be informed of the inquiry. The EU agencies will also be informed of the inquiry, via the Fundamental Rights Agency, which currently represents the agencies in the College of the Heads of Administration.

[8] By way of example, the European Investment Bank’s Whistleblowing Policy applies to all members of its staff and "any other person providing the Bank with services, including consultants and other service providers under contract with the Bank". Please also see in this regard the Ombudsman's decision on complaint 1906/2007/VIK, especially paragraphs 64 and 67, available on www.ombudsman.europa.eu.